Monday, 23 May 2011

Little Nephew has a physics exam today, so we've been busy revising the curriculum over the weekend. Near as I can tell he's hitting full marks in the first five out of the six component units: Movement, Radiation, Telecommunications, Electricity, Sound and Music. Not that the sample questions are a great indicator of a candidate's proficiency. I'm certain you could replace your grasp of physics by the algorithm, "Divide the first number by the second", and score about 65% using that stratagem alone. He does seem already to have grasped this fact.

The sixth and final unit covers the basics of Digital Electronics. Whether because it's the most recently introduced (we have previously had multiple sessions on the other areas), or because there are no number pairs to divide into each other, this does appear to be his one comparatively weak spot.

I've written previously about the efficacy of bringing practical demonstrations and aides-mémoires into our lessons, and for several months had been toying with the idea of writing a simulator for the basic digital electronic components - gates, flip-flops, registers, switches, LEDs and so on. Even made a few aborted attempts, in C#, Logo, and Scratch. But these kept getting bogged down by one particular detail: propagation delay. If a given circuit would in reality oscillate, then I felt that the model should do likewise. Unfortunately, this single choice opens the floodgates to a torrent of design decisions, turning the unwary engineer into a startled frozen rabbit...

Eventually yesterday, while he took his well-earned break and game of L.A. Noire between units 5 and 6, I decided I'd reinvented enough wheels for this month; performed a quick web search; and downloaded a 30 day demo of the first digital electronics simulator found. This was Logic.ly, and I could never have wished for a more perfectly dovetailed fit to match our educational requirements. Had it up and running in three seconds. Had example circuits from his textbook entered and working ten seconds after that. Okay I might be exaggerating a little; it's actually a cross-platform web based app, requiring installation of Adobe AIR to provide the offline standalone version. But that's just how it felt. Everything dragged and clicked exactly as expected, working instantly, with not a single word of prompting. Surely the only possible definition of the perfect UI.

The supplied component set was also more than ideal for our needs (hyperbole intended). Gates include inverters, and n-input gates (2 ≤ n ≤ 8) in all flavours (AND, OR, NAND, NOR, XOR, XNOR). A nice touch is the configurability of these last two for either odd/even parity or "=1" behaviour. At the next level of integration, there are flip-flops of the SR, D, JK and T kinds. Input controls include fixed logic levels, toggle and pushbutton switches, and a square wave generator. Outputs can go to either single lamps or 4-input hex digit displays.

Despite my earlier remarks on propagation time, the available components do include a buffer. According to the documentation, this "simply propagates the signal it receives. In the real world, a buffer will boost the electrical signal, if it has lost strength. In Logicly's simulation, one may use the buffer to affect propagation time." Hmm, I read that as: "future expansion".

Three demo circuits are provided to help get you started on more advanced projects: a D Latch memory cell, 1-bit Full Adder, and a Ripple Counter. Best of all, you can try the free demo online (no download required, but does need Flash 10).

Customisation

The circuit editor has configurable grid size and snap. Logic gate symbols are switchable between the distinctive shapes of the ANSI/IEEE standard, and the rectangles used by the IEC. Wire colours are used to indicate logic levels 0, 1 or indeterminate; these colours can be disabled or customised. Finally, unconnected inputs can be assigned a default logic level. When I started playing with chips in the 1970s, everything was TTL, and floating inputs went to logic "1". Some cretins even used this fact in their designs. The same idiots who bequeathed us the millennium bug, no doubt.

My Wish List

A killer feature would be the ability to package your own debugged circuit into its own little chip, a bit like the supplied flip-flop components, making it available for reuse in further designs. That's a lot of work, but I'm sure Josh has already thought of it plenty of times. Just the same, think I'll email him with the suggestion. Alternatively, or additionally, some more components from the MSI range would be good. Shift registers, multi-bit adders, that sort of thing. Lastly, a native Print option in the standalone version might not hurt a lot.

So... Did It Work?

Little Nephew is sitting his exam as I write this. I know he'll do extremely well.

Friday, 20 May 2011

Haven't had much to say about Sony's recent security troubles. Well, it's hard to travel anywhere on the news websites and blogs, without crashing into Floydian walls of opinion about the corporation and its permanently besieged Playstation Network. Even on the subject of this post, namely the "apology package", there are countless deafening choruses of "too little", "too late", "also, I want an Xbox", and related flamewars without end.

However

Jonathan Fargher, senior PR manager for Sony Computer Entertainment Europe (SCEE), has crossed a line with me. And I'm sure, with every other gamer with a gramme of technical literacy. If I may quote just two lines of his, from say the BBC's report:

Clearly there's going to be a minority of people out there who have some of those games.

We certainly believe [...] the choice of games that we're offering [...] is good value.

Of course I have to be careful what I say now, mindful of my country's draconian, and quite literally, unspeakably insane 17th century libel laws. But given these two statements, it is quite easy to prove with rigor, using little more than the rules of the predicate calculus, that Jonathan Fargher is either deranged, or a liar.

The proof doesn't depend on the truth or falsity of the individual statements themselves; given certain platitudes, it's as certain as any proof in logic, more so than any in the rest of mathematics. It is true regardless of whether or not some people already have some or all of these games; whether those people form a minority, or a majority; whether the choice of games is good value or a ripoff; and whether or not Jonathan Fargher believes some, any, all or none of the above. No single given factoid convicts. Rather, Jonathan Fargher's problem is that there's no consistent assignment of truth values to the various parts of his statements, that avoids the incriminating conclusion.

Reductio Ad Absurdum

We proceed by assuming the truth of everything Jonathan Fargher claims in those two statements above. From this we derive a contradiction. Finally we conclude that either Jonathan Fargher believes this contradiction, in which case he is arguably deranged; or alternatively, he doesn't actually believe (one or more of) his own claims. In that case, inescapably, he's a liar.

So, working from the back to the front: the second thing Jonathan Fargher believes is that the choice of games is "good value". How can we express this in less subjective terms? Let's take a look at that choice.

| PS3 Title | Release Date |
|---|---|
| Dead Nation | Dec 2010 |
| Infamous | May 2009 |
| Little Big Planet | Oct 2008 |
| Ratchet and Clank: Quest for Booty | Aug 2008 |
| Wipeout HD/Fury | Dec 2009 |

Apart from the PSN exclusive zombie shooter Dead Nation, and the Fury addition to warhorse Wipeout HD, everything here is two or more years old.

| PSP Title | Release Date |
|---|---|
| Killzone Liberation | Nov 2006 |
| Little Big Planet PSP | Nov 2009 |
| ModNation PSP | May 2010 |
| Pursuit Force | Nov 2005 |

Wow. I'd forgotten there even was a PSP console in 2005.

Yet regardless of the considerable age and the low current prices (below £10) of many of these titles, and notwithstanding the fact that you get to pick only two games from either list, none of this allows us to deny Jonathan Fargher's claim of "good value". Why? Because here, they're free. Any attempt to compute the value-for-money of a given selection results in a division by zero error.

That can't be right. Are we now agreeing with Jonathan Fargher, and going fargher still, to say that the selection represents infinite value? No. Clearly the concept of value-for-money is inapplicable to truly free offers. A better gauge is the popularity of the selections. The more popular the game, the higher its value as a free offering. But here we begin to see the seeds of the contradiction that we seek. In a given console community, popular games are by definition those most likely to be owned already. And to such an existing owner, a free download of such a game obviously has a very low value indeed.

Summing Up

From Jonathan Fargher's Second Law, we are being offered a "good value" selection of games, in other words, a set containing at least some popular games. By definition, such games are already owned by a majority of a given console community. That contradicts Jonathan Fargher's First Law, that no more than "a minority of people" will already have any of those games.

Monday, 9 May 2011

In their paper presented at LEET '11, the March USENIX Workshop on Large-Scale Exploits and Emergent Threats, a team of five researchers from Belgium and France draw attention to certain very significant weaknesses in file hosting services (FHS) such as Easyshare, FileFactory, and the daddy of them all, RapidShare.

Basically these sites and many others use the secret URI method of sharing uploaded files. Of the 88 services examined in the study (12 of the original 100 having become excluded, because they offered search features, and therefore no pretence of privacy), 34 were found to employ simple sequential file identifiers. 20 of these used no further mitigation against the simplest attacks. The other 14 appended the original file name, yielding an ID effectively unknown to the attacker.

Attack!

Unfortunately, those most vulnerable 20 include some of the most popular and highly (Alexa) ranked sites. Their entire collections of private hosted files can be enumerated quite simply, by uploading a test file to acquire a valid file ID; then repeatedly decrementing that.

The researchers confirmed the viability of this attack by actually implementing an automatic crawler for those 20 sites. It managed to retrieve some 10,000 files per day for a whole month. Approximately half of these files had no other visible links on the web, suggesting that their owners do in fact regard them as effectively private data.
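From the service operator's side, a client walking sequential IDs leaves a recognisable trail in the access log. The sketch below is an added example, not code from the paper or from any of the services; the log layout, the /file/<id> URL scheme, the addresses and the thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample access log: "<client> <method> <path> <status>".
# The /file/<numeric id> URL layout is an assumption for this example.
SAMPLE_LOG = """\
198.51.100.7 GET /file/480213 200
203.0.113.9 GET /file/118822 200
198.51.100.7 GET /file/480212 200
198.51.100.7 GET /file/480211 404
203.0.113.9 GET /file/118822 200
198.51.100.7 GET /file/480210 200
198.51.100.7 GET /file/480209 200
192.0.2.44 GET /file/902114 200
198.51.100.7 GET /file/480208 404
192.0.2.44 GET /file/377001 200
""".splitlines()

def parse(line):
    """Return (client, file_id), or None for lines that are not file fetches."""
    parts = line.split()
    if len(parts) != 4 or not parts[2].startswith("/file/"):
        return None
    tail = parts[2][len("/file/"):]
    return (parts[0], int(tail)) if tail.isdigit() else None

def find_enumerators(lines, min_run=5, min_distinct=5):
    """Flag clients whose requests step through adjacent IDs over many files."""
    last_id = {}
    run = defaultdict(lambda: 1)      # current streak of +/-1 steps per client
    longest = defaultdict(lambda: 1)  # longest streak seen per client
    distinct = defaultdict(set)       # distinct file IDs requested per client
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        client, fid = rec
        distinct[client].add(fid)
        prev = last_id.get(client)
        if prev is not None and abs(fid - prev) == 1:
            run[client] += 1
        elif prev != fid:             # a repeat of the same file keeps the streak
            run[client] = 1
        longest[client] = max(longest[client], run[client])
        last_id[client] = fid
    # Requiring many distinct IDs filters out a client bouncing between two files.
    return sorted(c for c in distinct
                  if longest[c] >= min_run and len(distinct[c]) >= min_distinct)
```

Misses (404) count towards the streak as well as hits, since a walker cannot know in advance which IDs have been deleted.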

Decimate!

Even among the FHSs using additional obscurity, such as the original file name or randomly generated identifiers, short key lengths and restricted character sets were often found, as in many password contexts, still to leave protection relatively weak.

Additional security features available with some FHSs include CAPTCHA and a delay before download. Amusingly, most of these services also offer a paid "PRO" version which removes these "restrictions". Password protection, which makes more sense in real security terms, is only offered in about a quarter of cases.
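To put numbers on "short key lengths and restricted character sets", the following added example (not from the paper) compares identifier schemes by how many stored files a random guesser would expect to reach per day, and shows a generator for an identifier that is not practically guessable. The three schemes, the count of stored files and the request rate are assumptions; the rate borrows the 10,000-a-day figure reported for the researchers' crawler.

```python
import math
import secrets

def id_bits(length, alphabet_size):
    """Bits of search space for a random ID of `length` symbols."""
    return length * math.log2(alphabet_size)

def guesses_per_hit(bits, live_files):
    """Average random guesses needed to land on any one stored file."""
    return 2 ** bits / live_files

def hits_per_day(bits, live_files, requests_per_day):
    """Expected stored files a guesser reaches per day at a given request rate."""
    return requests_per_day / guesses_per_hit(bits, live_files)

def new_file_id(nbytes=16):
    """128-bit URL-safe identifier drawn from the OS CSPRNG."""
    return secrets.token_urlsafe(nbytes)

# Constructed assumptions: 1,000,000 stored files and 10,000 requests a day.
LIVE, RATE = 1_000_000, 10_000
SCHEMES = {
    "6 chars, a-z0-9": id_bits(6, 36),
    "8 chars, a-zA-Z0-9": id_bits(8, 62),
    "secrets.token_urlsafe(16)": 128.0,
}

def report():
    """Map each scheme name to its expected hits per day."""
    return {name: hits_per_day(bits, LIVE, RATE) for name, bits in SCHEMES.items()}

if __name__ == "__main__":
    for name, rate in report().items():
        print(f"{name:28s} {rate:.3g} expected hits/day")
    print("example id:", new_file_id())
```

The figure that matters is the ratio of identifier space to stored files, so a scheme that looks adequate for a small service weakens as the collection grows.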

HoneyFiles

The paper then goes on to document further vulnerabilities, for example in the publicly available software that even some of the better FHSs use to provide their services. But even that is not its best part. The researchers next went on to develop ingenious techniques utilising decoy documents, to determine the extent to which the security vulnerabilities of these websites are already being exploited by malicious users.

They even geolocated the hundreds of attacks on their "HoneyFiles". Perhaps unsurprisingly, more than half originated in Russia, and a further quarter in Ukraine. But significant contributions from fifteen other countries confirmed the worldwide nature of these attack types. The researchers detected repeated attempts to use the fake credentials advertised in their HoneyFiles, as well as attempted SQL injection and file inclusion attacks.

Remedy

Encryption on the user's local computer is obviously a good mitigation. The researchers have developed a proof-of-concept Firefox add-on, automatically to encrypt and decrypt files on upload and download, and to hide encrypted files through steganography.

Wednesday, 4 May 2011

There's no doubt over the main news story this week: after a decade of planning, attempted operations, rhetoric, minor victories, apparently endless cold trails, dashed expectations and anticlimax, the operation was finally given the green light last weekend. To enter an impoverished strip of land, an isolated state ruled by an Islamist group regarded by some as being more than merely sympathetic to terrorism. A seemingly impossible border crossing, finally if indirectly negotiated by just over two dozen brave and dedicated professionals. A single determination and fixity of purpose, in an operation which had to be co-ordinated in utter secrecy until eventually, success was made certain, and the word was out.

Since its inception in 1999, millions have followed and been entertained, educated and inspired by the history, the example, and the performances of the West-Eastern Divan Orchestra. The brainchild of Barenboim, an Argentina-born Jew who today holds Palestinian citizenship, and his friend, the now deceased Palestinian literary scholar Edward Said, it was intended from the start to bring together young musicians from Israel and Arab countries, seeking to enable dialogue between the various cultures of the Middle East, and promoting peace and co-operation via the making of music together. Today, still featuring both Jewish and Palestinian musicians, the orchestra has members drawn from Egypt, Iran, Jordan, Lebanon and Syria, and boasts an international reputation for the quality of its performances.

First time I watched Paul Smaczny's multi-award-winning 2005 movie about the West-Eastern Divan Orchestra, Knowledge Is The Beginning, it was mostly with my jaw on my lap. I recall saying to Linda, "This wee guy's saving the world!" and also if I remember correctly, there was a wee bit of dust or some such bloody thing in my eye at the time.

This latest victory against the forces of fear, ignorance and intolerance once again shows the maestro continuing from strength to strength. Israeli citizens are prohibited by law from entering Gaza, however the new Egyptian military leaders have plans to open the border at the Rafah crossing. Barenboim entered Gaza via Egypt, together with 25 other musicians. Then they played some Mozart.

~

Update (June 25): Well whaddayaknow, Danny boy's only gone and got himself an honorary knighthood from Her Maj. Or rather, from the British ambassador to Berlin, at a gala dinner in the German capital. He is now a KBE - Knight of the British Empire - the highest honour said empire can bestow upon mere foreigners.

I've also learned that there are two versions of Paul Smaczny's film Knowledge Is The Beginning in circulation. The one currently showing on British Sky TV is the original, and ends when the dream of a Ramallah concert seems lost. Paul yelled out Cut! and Print! then spliced in some other live performance footage to round off the work... a matter of mere days before it became clear, towards the end of the tour, that in fact the troublesome security issues had been resolved; Ramallah was going ahead.

The edition on the 2DVD set is a revised and updated version. It shows the different factions entering the West Bank, all under their Spanish diplomatic passports, but separately and at different times (the Israeli musicians not arriving until the day of the performance). This is followed by some actual footage of the Ramallah concert, and rounded off by one of (Sir!) Daniel's amazing humanitarian speeches. The second DVD is, of course, that entire concert.
